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DETAILED ACTION 



1. This office action is in replay to an amendment filed on June 24, 2005. 

The independent claim 1. 10. 19 have been amended and new claim 28-30 
have been added. Claims 1-30 are pending. 

Response to Arguments 

2. Applicant's argument filed on June 24, 2005 for claims 1-6, 10-15 and 19-24 have been 
fuUy considered but they are not persuasive. 

The First argument bv the applicant is about the new independent claims 1,10 and 
19, which are amended to includes features which was not part of the former 
independent claims. The new features added by the applicant is recited as follows, 
^wherein authentication includes at least one chosen fi-om the group consisting 
Generating a new user identitv value associated with a user identity 
and comparing the new user identity value to the stored user identity values and 
Obtaining an input responsive to a program attempting to access tiie 
system registry, the input allowing processing to continue ." Applicant indicated that 
these new features were not disclosed by the reference on the record namely Kathrow. 
Examiner disagrees with this argument, examiner would point out that the above 
features are disclosed by the former references on the records and the examiner 
explanation/ remark/ argument/ citation is included in the respective independent 
claims shown below. 

The second argument by the applicant is relation to the claims 7-9, 16-18 and 25- 

27, applicant argued that the independent claims 7, 16 and 25 includes features that 
was different fi-om the other independent claims 1, 10 and 19 therefore requested a 
second consideration with no argument. 
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E^xaminer has considered the above request however are moot in view of new 
gro\ind{s) of rejection. 

Claim Rejections - 35 USC §102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form 
the basis for the rejections under this section made in this OflBce action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) sin application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent granted 
on an application for patent by another filed in the United States before the invention by the applicant for 
patent, except that an international application filed under the treaty defined in section 351(a) shall have 
the effects for purposes of this subsection of an application filed in the United States only if the 
international application designated the United States and was published under Article 21(2) of such 
treaty in the English language. 

4. £laiauLl-6» 10-15,19-24 and 28-30 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Kathrow et al. (hereinafter referred as Kathrow](U.S. Patent No. 6,263,348) 

5. As per claims 1-2.10-11 and 28-29 Kathrow discloses a method comprising: 

• Generating a user identity value [hash Value of the user Password] 

associated with a user identity; (In Microsoft operating system, in the process of 
authentication, generation of a user identity value or the hash value of the user 
password is inherently included. For NT, user enters their password and the clients 
hashes the user's password, and generates the hash value or the user identity value 
and encrypts the server's challenge with this hash and sends two responses to the 
server: One response uses the LAN Manager hash and another response uses the 
stronger NT hash. The server then compares the client's response hash with the client's 
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hash in the SAM Registry hive.)(For the source/ explanation that the examiner used, see 
reference U, page 2, second paragraph) 

• Storing the user identity value [hash value of the user password]; (Storing 
the client's hash or the user identity value or the hash value of the user password, 

in the SAM Registry as explained above for the purpose of authentication is inherently 
included in the Microsoft operating system, NT) (For the explanation/ source that the 
examiner used See reference U, page 2, second paragraph) 

Furthermore Kathrow discloses 

• Generating a registry security value [ Fingerprint of the registry flle/s 
which includes hash value of the Windows registry file/s] associated with a 
system registry; [column 5, lines 11-25; column 4, lines 26-colurQn 5, line 25; 
figure 2, ref. Num "222" and "232") 

• Storing the registry security value; [Column 5, lines 11-26; figure 2, ref. Num 
"232"] (content storage stores the fingerprint of the file shown on figure 2, ref 
Num "232") and 

• Authenticating the system registry after reading the system registry. (As 

explained in the disclosure and on the dependent claim 5, this limitation 
comprises 

• Generating a new registry security value [ Fingerprint of the registry file/ s 
which includes hash value of the Windows registry file/s]; [Column 5, lines 
41-62; figure 2, ref. Num "234"] (The new registry finger print is generated and 
stored on storage shown on figure 2, ref. Num "234"] 
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• Comparing the new registry security value with the stored registry security value; 

[Column 6, lines 20-21; colximn 7, lines 1-6; figure 2, ref. Num *242''] and allowing 
processing to continue if the new registry security value is equal to the stored 
registry security value. [Column 6, lines 32-36; column 10, lines 38-43] (The 
processing will not be allowed to continue if the new registry security value is not equal 
with the stored security value. If this is the case, that is if they are foimd to be different, 
then the comparison result will be reported.) 

wherein authentication includes at least one chosen fi"om the group consisting of: 

Generating a new user identity value associated with a user identity 

and comparing the new user identity value to the stored user identity values (As 

explained above in Microsoft operating system, in the process of authentication, 
generation of a user identity value or the hash value of the user password is inherently 
included. For NT, user enters their password/ could be a new password and the clients 
hashes the user's new password, and generates the hash value or the user identity 
value and encrypts the server's challenge with this hash and sends two responses to the 
server: One response uses the LAN Manager hash and another response uses the 
stronger NT hash. The server then compares the client's response hash with the client's 
hash in the SAM Registry hive and this meets the limitation of generating a new user 
identity value associated with a user identity and comparing the new user identity value 
to the stored user identity values.) (For the source/ explanation that the examiner used, 
see reference U, page 2, second paragraph and since the limitation indicated at least 
one choosen firom the group consists of the above explanation is sufiScient) and 
Obtaining an input responsive to a program attempting to access the 
system registry, the input allowing processing to continue. (Since the limitation 
indicated at least one choosen from the group consists of the above explanation is 
sufficient) 
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6. As per claims 19-20 and 30 Kathrow discloses an Apparatus comprising: 

• A bus; [figure 1] {The bus is inherently included in the computer system shown 
on figure 1, it connects the cpu/processor with the memory or storage) 

• Storage device coupled to said bus;[Figure 1, ref. Num "162'' and "164") (The 
storage device shown on figure 1, ref. Num "162 and "164" are coupled to the 
processor by said bus as shown on figure 1) and 

• A processor coupled to said data storage device, [figure 1, ref. Num "160" and 
"162" and "164") 

• Said processor operable to receive instructions which, when executed by 
the processor, cause the processor to [Column 3, lines 23-27; column 3, 
lines 27-56] 

• Generating a user identity value [hash Value of the user Password] 
associated with a user identity; (In Microsoft operating system, in the process of 
authentication, generation of a user identity value or the hash value of the user 
password is inherently included. For NT, user enters their password and the clients 
hashes the user's password, and generates the hash value or user identity value and 
encrypts the server's challenge with this hash and sends two responses to the server: 
One response uses the LAN Manager hash and another response uses the stronger NT 
hash. The server then compares the client's response hash with the client's hash in the 
SAM Registry hive.)(For the explanation/ source that the examiner used, see reference 
U, page 2, second paragraph) 
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• Storing the user identity value [hash value of the user password]; (Storing 
the client's hash or the user identity value or the hash value of the user password, 

in the SAM Registry as explained above for the pvirpose of authentication is inherently 
included in the Microsoft operating system, NT) (For the explanation/ source that the 
examiner used See reference U, page 2, second paragraph) 

Furthermore Kathrow discloses 

• Generating a registry security value [ Fingerprint of the registry file/s 
which includes hash value of the Windows registry file/s] associated with a 
system registry; [Column 5, lines 1 1-25; column 4, lines 26-column 5, line 25; 
figure 2, ref Num "222", ref. Niom "232"] 

• Storing the registry security value; [Column 5, lines 1 1-26; figure 2, ref. Num 
"232"] (content storage stores the fingerprint of the file shown on figure 2, ref 
Num "232") and 

• Authenticating the system registry after reading the system registry. (As 

explained in the disclosure and on the dependent claim 5, this limitation 
comprises 

• Generating a new registry security value [ Fingerprint of the registry file/s 
which includes hash value of the Windows registry file/s]; [Column 5, fines 
41-62; figure 2, ref. Num "234"] (The new registry finger print is generated and 
stored on storage shown on figure 2, ref Num "234"] 

• Comparing the new registry security value with the stored registry security 
value; [Column 6, lines 20-21; column 7, lines 1-6; figure 2, ref. Num "242"] and 
allowing processing to continue if the new registry security value is equal 
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to the stored registry security value. [Colvunn 6, lines 32-36; column 10, lines 
38-43] (The processing will not be allowed to continue if the new registry 
security value is not equal with the stored security value. If this is the case, that 
is if they are found to be different, then the comparison result will be reported.) 

• Generating a new user identity value associated with a user identity 

and comparing the new user identity value to the stored user identity values (As 

explained above in Microsoft operating system, in the process of authentication, 
generation of a user identity value or the hash value of the user password is inherently 
included. For NT, user enters their password/ could be a new password and the clients 
hashes the user's new password, and generates the hash value or the user identity 
value and encrypts the server's challenge with this hash and sends two responses to the 
server: One response uses the LAN Manager hash and another response uses the 
stronger NT hash. The server then compares the client's response hash with the cUent's 
hash in the SAM Registiy hive and this meets the limitation of generating a new user 
identity value associated with a user identity and comparing the new user identity value 
to the stored user identity values.) (For the source/ explanation that the examiner used, 
see reference U, page 2, second paragraph and since the limitation indicated at least 
one choosen from the group consists of the above explanation is sufficient) and 
Obtaining an input responsive to a program attempting to access the 
system registry, the input allowing processing to continue. (Since the limitation 
indicated at least one choosen from the group consists of the above explanation is 
sufficient) 



6. As per claims 3-4 and 12-13 Kathrow discloses a method as applied to claims 1 and 
claim 10 above. Furthermore Kathrow discloses the method wherein generating a registry 
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security value associated with a system registry comprises: concatenating system registry 
information; and inserting the concatenated system registry information in a one-way function 
to obtain the registry security value. [ Column 4, lines 26-column 5, line 25; figure 2, ref. Num 

«232''] 

7. As per claims 5-6 and 14-15 Kathrow discloses a method as applied to claims 1 and 
10 above. Furthermore Kathrow discloses the method wherein authenticating the system 
registry after reading the system registry comprises: 

• Generating a new registry security value [ Fingerprint of the registry file/s 
which includes hash value of the Windows registry file/s]; [Colunm 5, lines 
41-62; figure 2, ref Num "234"] (The new registry finger print is generated and 
stored on storage shown on figure 2, ref Num "234"] 

• Comparing the new registry security value with the stored registry security 
value; [Column 6, lines 20-21; column 7, lines 1-6; figure 2, ref Num "242"] and 
allowing processing to continue if the new registry security value is equal 
to the stored registry security value. [Column 6, fines 32-36; column 10, lines 
38-43] (The processing wiU not be allowed to continue if the new registry 
security value is not equal with the stored security value. If this is the case, that 
is if they are found to be different, then the comparison result wiU be reported.) 

8. As per claims 21-22 Kathrow discloses an apparatus as appfied to claim 19 
above. Furthermore Kathrow discloses an apparatus wherein the processor operable to 
receive instructions which, when executed by the processor, cause the processor to generate a 
registry security value associated vrith a system registry comprises the processor to 
concatenate system registry information; and to insert the concatenated system registry 
information in a function to obtain the registry security value. [ Column 4, lines 26-column 5, 
line 25; figure 2, ref Num "232"] 
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9. As per claims 23-24 Kathrow discloses an apparatus as applied to claim 19 
above. Furthermore Kathrow discloses an apparatus wherein the processor operable to 
receive instructions viiich, when executed by the processor, cause the processor to 
authenticate the system registry after reading the system registry comprises the process 

• Generating a new registry security value [ Fingerprint of the registry file/s 
which includes hash value of the Windows registry file/s]; [Colunm 5, lines 
41-62; figure 2, ref. Num "234"] (The new registry finger print is generated and 
stored on storage shown on figure 2, ref. Num *'234''] 

• Comparing the new registry security value with the stored registry security 
value; [Column 6, lines 20-21; column 7, lines 1-6; figure 2, ref. Num "242"] and 
allowing processing to continue if the new registry security value is equal 
to the stored registry security value. [Column 6, lines 32-36; column 10, lines 
38-43] (The processing will not be allowed to continue if the new registry 
security value is not equal with the stored security value. If this is the case, that 
is if they are foxmd to be different, then the comparison result will be reported.) 

Claim Rejections - 35 USC §102 

10. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form 
the basis for the rejections under this section made in this Ofl&ce action: 

A person shall be entitled to a patent unless - 



(b) the invention was patented or described in a printed publication in this or a foreign 
country or in public use or on sale in this country, more than one year prior to the date of 
application for patent in the United States. 
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11. nift<tn» 7-Q. 16-18 and 25-27 are rejected under 35 U.S.C. 102(b) as being anticipated 
by QPereira. (hereinafter referred as Pereira)(U.S. Patent No. 5, 809, 230) 

12. As per claim 7-9. 16-18 and 25-27 Pereira discloses a method 

detecting an attempt to change a system regist]y;[column 4, lines 49-54; 
column 4, lines 40-44; column 4, lines 49-51 column 10, lines 20-21] 

generating a user identity value associated with the user identity ;[column 10, 
lines 20-26] (if the user enters the corresponding password user wovdd be able 
to define/ access resoiirces in the registry) 

• Comparing the user identity value with a stored user identity value; (In 

Microsoft operating system, in the process of authentication, generation of a user 
identity value or the hash value of the user password is inherently included. For NT, 
user enters their password and the clients hashes the user's password, and generates 
the hash value or the user identity value and encrypts the server's challenge with this 
hash and sends two responses to the server: One response uses the LAN Manager hash 
and another response uses the stronger NT hash. The server then compares the client's 
response hash with the client's hash in the SAM Registry hive.) (For the 
source /explanation that the examiner used, see reference U, page 2, second paragraph) 
and 

• Modifying the system registry in response to being provided the user 

identity value equal to the stored user identity value.[column 10, lines 29- 

33](The access control program may use an application program interface (API) to 
modify the registry system file in accordance with the restricted list files generated by 
the access control program.) 
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Conclusion 

13, The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure.(See PTO-Form 892). 

Any inquiiy concerning this communication or earlier communications from the 
examiner should be directed to Samson B Lemma whose telephone number is 571-272-3806. 
The examiner can normally be reached on Monday-Friday (8:00 am — 4: 30 pm). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, BARRON JR GILBERTO can be reached on 571-272-3799. The fax phone nimiber 
for the orgaruzation where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for impublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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